Christoph Klug GDD © GDD e.V. gdd German Association for Data Protection and Data Security Christoph Klug ATTORNEY AT LAW Phone: +49-228/694313 Fax: +49-228/695638.


1 Christoph Klug, GDD © GDD e.V.
gdd German Association for Data Protection and Data Security
Christoph Klug, ATTORNEY AT LAW
Phone: +49-228/694313
Fax: +49-228/695638
Internet: http://www.gdd.de
E-Mail: klug@gdd.de
Gesellschaft für Datenschutz und Datensicherung e.V.

2 gdd
• Non-profit organisation
• Founded in 1976 (first German Data Protection Act)
• Mission for over 25 years:
  – Help members to comply with privacy provisions
  – Support data protection officers
    » Education and training (seminars, conferences, publications)
    » Guidance (legal, technical, organisational problems)
  – Lobbying: reasonable, effective and practicable data protection

3 Membership-Development 1990 - 2002 (as of 10.10.2002)

4 Membership structure (as of 10.10.2002)

5 Data Protection Official
• Definition:
  – A natural person, appointed by the controller of personal data, who shall independently assure that personal data is processed in a correct and lawful manner.
• Business title:
  – Data protection officer (Germany, Netherlands)
  – Personal data representative (Sweden)
  – Corporate privacy officer (US)

6 The DPO-Concept
• Self-regulation (corporate self-monitoring)
• More effective data protection
  – Corporate compliance institution in addition to
  – Supervisory authority
• Avoidance of unnecessary bureaucracy
  – Unburden supervisory authorities
  – Simplify notification
  – Prior checking by DPO instead of DP-authority

7 Origins of the DPO
• German model implemented in EU-Directive (95/46/EC)
• Art. 18 (2): Simplification of or exemption from notification where the controller, in compliance with the national law which governs him, appoints a data protection official, responsible in particular for:
  – ensuring in an independent manner the internal application of the national provisions taken pursuant to this Directive
  – keeping a register of processing operations carried out by the controller...

8 Main Tasks
• Ensure a lawful handling of personal data by the controller (company) including
  – Prior checking when specific risks - Article 20 (2)
  – Supervision of processors acting on behalf of the controller
  – Compliance with (internal) corporate privacy provisions such as codes of conduct or contractual obligations
  – Familiarise staff with data protection provisions
• Transparency
  – Keep public register (any person)
  – Data subject rights (information, access, correction etc.)

9 Independent Status
• Article 18 (2) EU-Directive
• Position to exercise his functions in complete independence
• Independent inspection of processing operations
  – Necessary powers, means, premises, facilities, equipment, resources
  – Makes own professional judgement
• In case of grievances: report to head of the controller
• Controller remains responsible for legal processing

10 Qualifications
• No requirements in EU-Directive
• Only vague requirements by German law:
  – "necessary know-how and reliability"
• GDD-Study:
  – Adequate knowledge of data protection law
  – Adequate knowledge of IT functions
  – Basic knowledge of business-related economics
  – Specific knowledge of the company's internal structures and processing operations

11 Appointment of a DPO
• EU-Directive: Appointment in compliance with the national law
• Germany: Depending on size, companies have to formally appoint a DPO in writing. Mandatory appointment for public bodies.
• Netherlands: DPO (optional) has to be registered with the DP-Commission (list)
• Sweden: DPO (optional). Practice: notification to the supervisory authority

12 Appointment Options
• Full-time DPO
  – Larger companies
  – Multinational corporations, where the DPO is in charge of the affiliates as well (privacy assistants!)
• Part-time DPO
  – Smaller companies
  – The DPO may hold another job in the firm
• External DPO
  – Not an employee but an external consultant

13 The Value of Corporate DPOs
• Corporate privacy management by DPO
  – Competitive advantage (own privacy chief)
  – Harmonised level of protection in multinational organisations
  – Self-regulatory approach allows for global enforcement
• Data protection controls can be improved
  – Two compliance institutions instead of one
• Supervisory authorities can be unburdened
  – Self-monitoring
  – Prior checking
  – Notification

14 Simplification of Notification
• European Commission DP Conference in September
  – Evaluation of EU-Directive
  – Not a radical revision
  – Guidance for a better harmonisation
  – More uniform and consistent application in member states
  – Among other things: Simplification of notification
• Member states and EU candidates should give companies the opportunity to appoint DPOs, thus avoiding the necessity to notify the supervisory authority.

